POLICY @ 
DEF CON 


Interested in the cutting edge of hacking technology and 
its policy implications? Interested in talking with policy 
folks wanting an honest assessment of what is possible? 


Hackers are early users and abusers of technology, and 
that technology is now critical to modern life. As govern- 
ments make policy decisions about technology, hackers, 
researchers and academics need to be part of that conver- 
sation before the decisions are made, and not after policies 
are implemented. 


These talks will take place in the Policy track in Summit 
Ballroom 224-227 at Caesars Forum. 


FRIDAY 


Emerging Cyber Policy 


Hacking law is for 
hackers - how recent Topics 


changes to CFAA, DMCA, TBA 
and global policies 
affect security 
research 


12:00 


Harley Geiger, Leonard Bailey 


Defense Through a TAC Meet the Feds: ONCD 


o | (Technical Advisory Edition 

2 | Committee) 

a Staff from the Office of the 

= | The Dark Tangent, Members National Cyber Director 
of the TAC 
Moving Regulation Emerging Cyber Policy 
Upstream - An Topics 

8 Increasing focus on TBA 

` | the Role of Digital 

“| Service Providers 
Jen Ellis 

5 Meet the Feds: CISA Fireside Policy Chats 

g Edition (Lounge) TBA 

— | CISA Staff 

= Meet the Feds: DHS 

Ọ | Edition (Lounge) 

© 

N | DHS Staft 


Fireside Policy Chats 
TBA 


20:30 


SATURDAY 


Hacking Operational 
Collaboration 


Imagining a cyber 
policy crisis: 
Storytelling and 
Simulation for real- 
world risks 


Safa Shahwan Edwards 


David Forscey 


10:00 


Addressing the gap Hacking Aviation Policy 


in ESEE for Timothy Weston, Meg King, 
measuring) the harm of Pete Cooper, Ayan Islam, Ken 
cyberattacks Munro 


Adrien Ogee 


12:00 


Confronting Reality in 
Cyberspace: Foreign 
Policy for a Fragmented 


Return-Oriented Policy 
Making for Open Source 
and Software Security 


Trey Herr Internet 
Neal Pollard, Jason Healey 
Emerging Cyber Policy International 
Topics Government Action 
TBA Against Ransomware 
Jen Ellis 


Do No Harm (Lounge) Fireside Policy Chats 


Christian “quaddi” Dameft TBA 
MD, Jeff “r3plicant” Tully 
MD, Jessica Wilkerson, Alissa 
Knight, Seeyew Mo 


Fireside Policy Chats 
TBA 


SUNDAY 


Improving International 
Vulnerability 
Disclosure: Why the US 
and Allies Have to Get 
Serious 


Better Policies 
for Better Lives: 
Cybersecurity Basics 


10:00 


Peter Stevens 


Stewart Scott 


Offensive Cyber 
Industry Roundtable 


Protect Our Pentest 
Tools! Perks and 
Hurdles in Distributing 
Red Team Tools 


Winnona DeSombre 


12:00 


Sarah Powazek 


Emerging Cyber Policy Emerging Cyber Policy 
Topics Topics 


TBA TBA 


14:00 
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Panel - “So It's your first 
DEF CON" - How to get the 
most out of DEF CON, What 
NOT to do. 


DEF CON Goons 


Welcome to DEF CON & The 
Making of the DEF CON 
Badge 


The Dark Tangent, Michael and 
Katie Whiteley (Mkfactor) 


FRIDAY 


Panel - DEF CON Policy Dept 
- What is it, and what are 
we trying to do for hackers 
in the policy world? 


DEF CON Policy Dept 


Old Malware, New tools: 
Ghidra and Commodore 64, 
why understanding old 
malicious software still 
matters 


Cesare Pizzi 


Computer Hacks in the 
Russia-Ukraine War 


Kenneth Geers 


Glitched on Earth by 
humans: A Black-Box 
Security Evaluation of 
the SpaceX Starlink User 
Terminal 


Lennert Wouters 


DEF CON Policy Dept - 
Special Edition Policy Talk 


Chris Inglis 


The PACMAN Attack: 
Breaking PAC on the Apple 
M1 with Hardware Attacks 


Joseph Ravichandran 


OopsSec -The bad, the 
worst and the ugly 

of APT's operations 
security 


Tomer Bar 


Running Rootkits Like 
A Nation-State Hacker 


Omri Misgav 


Emoji Shellcoding: %*, %, 


and ə 


Hadrien Barral, Georges-Axel 
Jaloyan 


Global Challenges, Global 
Approaches in Cyber Policy 


Gaurav Keerthi et al 


Avoiding Memory Scanners: 
Customizing Malware to 
Evade YARA, PE-sieve, and 
More 


Kyle Avery 


One Bootloader to Load 
Them All 


Mickey Shkatov, Jesse Michael 


Backdooring Pickles: A 
decade only made things 
worse 


ColdwaterQ 


Space Jam: Exploring Radio 
Frequency Attacks in Outer 
Space 


James Pavur 


A Policy Fireside Chat with 
Jay Healey 


Jason Healey et al 


Weaponizing Windows 
Syscalls as Modern, 32-bit 
Shellcode 


Tarek Abdelmotaleb, Dr. Bramwell 
Brizendine 


You're Muted Rooted 
Patrick Wardle 


Exploring the hidden 
attack surface of OEM 

IoT devices: pwning 
thousands of routers with 
a vulnerability in Realtek's 
SDK for eCos OS. 


Octavio Gianatiempo, Octavio 
Galland 


Leak The Planet: Veritatem 
cognoscere non pereat 
mundus 


Emma Best, Xan North 


Process injection: breaking 
all macOS security layers 
with a single vulnerability 


Thijs Alkemade 


Phreaking 2.8 - 
Abusing Microsoft 
Teams Direct Routing 


Moritz Abrell 


Hacking ISPs with Point-to- 
Pwn Protocol over Ethernet 
(PPPoE) 


Gal Zror 


How Russia is trying to 
block Tor 


Roger Dingledine 


LSASS Shtinkering: Abusing 
Windows Error Reporting to 
Dump LSASS 


Asaf Gilboa, Ron Ben-Yitzhak 


Trace me if you can: 
Bypassing Linux 
Syscall Tracing 


Rex Guo, Junyuan Zeng 


Hunting Bugs in The Tropics 


Daniel Jensen 


Killer Hertz 


DEF CON Policy Dept - 
Special Edition Policy Talk 


DEF CON Policy Dept 


Wireless Keystroke 
Injection (WKI) via 
Bluetooth Low Energy (BLE) 


Jose Pico, Fernando Perera 


Browser-Powered 
Desync Attacks: A 
New Frontier in HTTP 
Request Smuggling 


James Kettle 


Walk This Way: What Run 
D.M.C. and Aerosmith Can 
Teach Us About the Future 
of Cybersecurity 


Jen Easterly, The Dark Tangent 


Let's Dance in the Cache - 
Destabilizing Hash Table on 
Microsoft IIS 


Orange Tsai 


Pulling Passwords out of 
Configuration Manager: 


A dead man's full-yet- 
responsible-disclosure 
system 


Yolan Romailler 


Deanonymization of TOR 
HTTP hidden services 


lonut Cernica 


Tear Down this Zywall: 
Breaking Open Zyxel 


Chris Rock 
Practical Attacks against Encrypted Firmware 
Microsoft's Endpoint Jay Lagorio 
Dragon Tails: Supply-side Management Software 
Security and International Christopher Panayi 
Vulnerability Disclosure 
Law 
Stewart Scott, Trey Herr 
Hacker Jeopardy, 
followed by Whose 
Slide is it Anyway? 
fm 


Brazil Redux: Short 
Circuiting Tech-Enabled 
Dystopia with The Right 
to Repair 


10:00 


Paul Roberts, Joe Grand, Corynne 
McSherry, Louis Rossmann, Kyle 
Wiens 


11:00 


SATURDAY 


TBA 


Scaling the Security 
Researcher to Eliminate 
OSS Vulnerabilities Once 
and For All 


Jonathan Leitschuh 


Literal Self-Pwning: Why 
Patients - and Their 
Advocates - Should Be 
Encouraged to Hack, 
Improve, and Mod Med Tech 
Cory Doctorow, Christian 


“quaddi” Dameff MD, Jeff 
“r3plicant” Tully MD 


Reversing the Original 
Xbox Live Protocols 


11:30 


Tristan Miller 


12:00 


My First Hack Was in 
1958 (Then A Career in 
Rock'n'Roll Taught Me 
About Security) 


Winn Schwartau 


No-Code Malware: Windows 
11 At Your Service 


Michael Bargury 


How To Get MUMPS Thirty 
Years Later (lor, Hacking 
The Government via FOIA'd 
Code) 


Zachary Minneker 


Tracking Military Ghost 
Helicopters over our 
Nation's Capital 


Andrew Logan 


All Roads leads to GKE's 
Host : 4+ Ways to Escape 


Billy Jheng, Muhammad Alifa 
Ramdhan 


The Hitchhacker's Guide to 
iPhone Lightning & JTAG 
hacking 


12:30 


stacksmashing 


Chromebook Breakout: 


oS j xi $ 

© | Escaping Jail, with your 

n | friends, using a Pico 
Ducky 


Jimi Allee 


13:30 


UFOs, Alien Life, and the 
Least Untruthful Things I 
Can Say. 


Richard Thieme 


The Evil PLC Attack: 
Weaponizing PLCs 


Sharon Brizinov 


Exploring Ancient Ruins 
to Find Modern Bugs: 
Discovering a 8-Day in an 
MS-RPC Service 


OpenCola. The AntiSocial 
Network 


John Midgley, Oxblood Ruffin 


14:00 


14:30 


HACK THE HEMISPHERE! How 
we (legally) broadcasted 
hacker content to all of 
North America using an 
end-of-life geostationary 
satellite, and how you 
can set up your own 
broadcast too! 


Karl Koscher, Andrew Green 


Ben Barnea, Ophir Harpaz 


Analyzing PIPEDREAM: 
Challenges in testing an 
ICS attack toolkit. 


Jimmy Wylie 


The COW (Container On 
Windows) Who Escaped the 
Silo 


Eran Segal 


Digging into Xiaomi's TEE 
to get to Chinese money 


Slava Makkaveev 


Do Not Trust the ASA, 
Trojans! 


Jacob Baines 


Deja Vu: Uncovering 
Stolen Algorithms in 
Commercial Products 


Patrick Wardle, Tom McGuire 


15:00 


The Big Rick: How I 
Rickrolled My High School 
District and Got Away 
With It 


Minh Duong 


You Have One New 
Appwntment - Hacking 
Proprietary iCalendar 
Properties 


Eugene Lim 


Automotive Ethernet 
Fuzzing: From purchasing 
ECU to SOME/IP fuzzing 


15:30 


Jonghyuk Song, Soohwan Oh, 
Woongjo choi 


Trailer Shouting: Talking 
PLC4TRUCKS Remotely with 
an SDR 


16:00 


Ben Gardiner, Chris Poore 


16:30 


Tor: Darknet Opsec By a 
Veteran Darknet Vendor & 
the Hackers Mentality 


Sam Bent 


Doing the Impossible: How 
I Found Mainframe Buffer 
Overflows 


Jake Labelle 


Low Code High Risk: 
Enterprise Domination via 
Low Code Abuse 


Hacking The Farm: 


Why did you lose the 
last PSS restock to a 
bot Top-performing app- 
hackers business modules, 
architecture, and 


Michael Bargury 


Perimeter Breached! 
Hacking an Access Control 
System 


Sam Quinn, Steve Povolny 


Internal Server Error: 
Exploiting Inter-Process 
Communication with 

new desynchronization 


Primitives 


Martin Doyhenard 


The CSRF Resurrections! 
Starring the Unholy 
Trinity: Service Worker 
of PWA, SameSite of HTTP 


oO 
© | Breaking Badly Into techniques 
IS Agricultural Devices. Arik 
Sick Codes 
o Crossing the KASM--a 
se] webapp pentest story 
m 
T Samuel Erb, Justin Gardner 
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Cookie, and Fetch 
Dongsung Kim 


Defeating Moving Elements 
in High Security Keys 


Bill Graydon 


Black-Box Assessment of 
Smart Cards 


Daniel Crowley 


Digital Skeleton Keys 

- We've got a bone to 
pick with offline Access 
Control Systems 


Miana E Windall, Micsen 


SUNDAY 


War Stories 


Hacker Jeopardy, followed 
by Whose Slide is it 
Anyway? 


A ES Cte 


S Exploitation in the era of formal verification: a peek at a emulation-driven reverse-engineering for finding vulns Save The Environment (Variable): Hijacking Legitimate STrace - A DTrace on windows reimplementation. 

2 new frontier with AdaCore/SPARK atlas Applications with a Minimal Footprint Stephen Eckels 

— | Adam ‘pi3’ Zabrocki, Alex Tereshkin Wietze Beukema 

o The Call is Coming From Inside The Cluster: Mistakes that Taking a Dump In The Cloud PreAuth RCE Chains on an MDM: KACE SMA Defaults - the faults. Bypassing android permissions from all 
2 Lead to Whole Cluster Pwnership Melvin Langvik, Flangvik Jeffrey Hofmann Protection levels 

— | Dagan Henderson, Will Kline Nikita Kurtin 

S Less SmartScreen More Caffeine - ClickOnce (Ab)Use for DEF CON Policy Dept - Special Edition Policy Talk ElectroVolt: Pwning popular desktop apps while uncovering The Journey From an Isolated Container to Cluster Admin in 
Q Trusted Code Execution DEF CON Policy Dept new attack surface on Electron Service Fabric 

— | Steven Flores, Nick Powers Aaditya Purani, Max Garrett Aviv Sasson 

Ə Contest Closing Ceremonies & Awards Solana JIT: Lessons from fuzzing a smart-contract compiler 
oO 4 

= Grifter Thomas Roth 

S DEF CON Closing Ceremonies & Awards 

mM 

iG The Dark Tangent 


POCKET GUIDE 


Download the official DEF CON app! It contains all 
of the happenings of DEF CON. It is easy to use and 


updated as things change during the conference. It 


contains all of the maps and schedules so you can plan 
your best DEF CON experience. 
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